Posted: July 2nd, 2022
Penetration Test Proposal
Deliverable 1: Rules of Engagement
Instructions
The first deliverable of the Penetration Test Proposal is the rules of engagement (ROE) document, a formal document that outlines the objectives, scope, methodology, and overall test plan agreed upon by the penetration testers and client system administrators. Penetration testing can cause complications such as network traffic congestion and system downtime, and may cause the same vulnerabilities and compromises it was designed to prevent. Due to the potential consequences of penetration testing, it is vital to agree upon a comprehensive ROE before testing.
For your ROE deliverable, consider the following:
How will you identify Haverbrook Investment Group’s network characteristics, expectations, constraints, critical systems, and other relevant information?
What are your preliminary engagement activities with regard to scheduling, scope, and key stakeholders?
What will you use to establish a binding agreement between Centralia Security Lab and Haverbrook Investment Group?
How will you determine the services, targets, expectations, and other logistics that will be covered during the Rules of Engagement section?
How will you explain to Haverbrook that the tools and techniques to be used in the penetration test will not corrupt data, violate privacy, and are in compliance with industry standards and any applicable laws and regulations?
Use the Rules of Engagement Template to record your work.
Rules of Engagement
Overview
Include a brief description of the penetration test project.
The project entails a penetration test of the organization's systems to establish vulnerabilities as well as the extent to which a target can be compromised in a real attack. This approach supports the installation of effective countermeasures to prevent current and future attacks (Holik et al., 2014). The project begins with the establishment of an agreement between the two parties, i.e., the ethical hacker and Haverbrook Investment Group. The agreement defines the conduct of the penetration test in terms of methodology, scope, and objectives. Next comes the planning and reconnaissance stage, in which the attacker gathers information on the target, such as network topology, IP addresses, mail servers, and domain details. The hacker then moves to the scanning stage, where the attacker engages the system with the intention of deriving its vulnerabilities and weaknesses. In the gaining access stage, the established access is exploited to reach the target in the system or network. After that, the penetration tester maintains access to the system and network to determine the extent of control that persists even after the system is rebooted, modified, or reset. Lastly, the analysis stage establishes a report on the system or the network. The report details the specific vulnerabilities, the information and sensitive data accessed, and the period the attacker was able to remain in the system. This information establishes the extent of weakness and vulnerability in the system.
Scope
Discuss the scope of the penetration test (pen test).
The scope of the penetration test determines the extent of access to an organization’s resources, systems, and network. The scope draws a line between the organization's resources that may be accessed and those that should not be accessed (Klíma and Tománek, 2015). The scope is set out in the agreement phase to ensure the integrity and confidentiality of the contents of the system, database, and network. For instance, the attacker cannot interfere with the production server, or change or interfere with the database, because doing so would be expensive for the business.
Checklist
Provide a list of the testing requirements.
The ethical hacker needs to meet different requirements before and during the penetration test.
1. Penetration testing certifications
2. Innovative design and problem-solving skills
3. Combination of cybersecurity, computer science and information technology hard skills
4. Cybersecurity courses in system vulnerability assessment, cryptology, and ethical hacking
Therefore, the requirements for penetration testing span education, certification, and skills.
Ethical Considerations
Describe how you will apply appropriate ethical principles throughout the penetration testing process.
Ethical hackers need to incorporate ethical principles in their operations to ensure their work is effectively implemented. In this regard, the ethical hacker needs to uphold the privacy and confidentiality of the information and any sensitive matter learned in the course of conducting the penetration test (Faily, McAlaney and Iacob, 2015). This approach ensures that the client's information and sensitive data are safe and secure from third parties. Ethical hackers also need to maintain and uphold high levels of integrity and honesty. Ethical hackers access the system, network, and sensitive information of the client, and thus they need to operate in the interest of the client to ensure possible vulnerabilities in the system are eliminated. Therefore, ethical hackers need to exercise high levels of transparency and accountability to their clients.
References
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective penetration testing with Metasploit framework and methodologies. In 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI) (pp. 237-242). IEEE.
Faily, S., McAlaney, J., & Iacob, C. (2015, June). Ethical Dilemmas and Dimensions in Penetration Testing. In HAISA (pp. 233-242).
Klíma, T., & Tománek, M. (2015, July). Project Management of Complex Penetration Tests. In European Conference on Cyber Warfare and Security (p. 383). Academic Conferences International Limited.